Managing Cloud Risks Gave Security Teams a Big Headache in 2024

Enterprise IT and security managers had a lot to worry about in 2024, such as the exploding number of vulnerabilities, increased volume of threats against their organizations, constant drumbeat of data breaches, and steady stream of user error and human behavior to manage. Also a big concern was the growing risk exposure as a result of their organizations' increased reliance on cloud technologies.

Respondents to Dark Reading's Strategic Security survey revealed growing concerns about risks tied to cloud services. In face of rising adoption of cloud services for data storage, applications, and business operations, organizations appear to be particularly worried about their dependence on cloud providers' security measures and their reduced control over data in cloud environments. Thirty-five percent of organizations, compared to just 23% in the 2023 survey, reported using between 10 and 29 cloud applications internally. Most organizations work with multiple cloud providers, which contribute to the visibility challenges. Just under half, or 48%, rely on two or three providers, and 60% use between two to five cloud service providers.

The near ubiquity of the cloud means organizations are increasingly concerned about cloud security threats. Exploits targeting cloud service providers was the top worry for almost half of the respondents (49.6%), followed closely by cloud services breaches and intrusions (47.8%). The lack of data visibility in cloud environments and inability to enforce security policies on cloud-stored data tied for third place (39.1%). In comparison, the 2023 survey revealed only 45% of respondents worried about cloud exploits, 38% worried about cloud services breaches, and 24% worried about the inability to enforce security policies in the cloud.

The complexity of cloud security is further highlighted by organizations' staffing and control concerns. Over-reliance on cloud service providers to detect data breaches was cited by 28.7% of respondents, while 19.1% expressed concern about unclear incident-response protocols with their cloud service providers. Notably, the percentage of organizations worried about their inability to enforce security policies on cloud-stored data increased significantly from 24.4% in 2023 to 39.1% in 2024, suggesting growing awareness of the challenges in maintaining security control in cloud environments. These findings indicate that while organizations continue to embrace cloud services, they struggle with visibility, control, and the division of security responsibilities between themselves and their cloud service providers.

Security teams have long grappled with the challenges posed by the shared responsibility model with cloud providers where the provider and the organization have to work together to handle their part of the security tasks. The survey found that organizations are increasingly including the challenges of shared responsibility models, data sovereignty issues and loss of control in their risk assessments. For instance, 39% are worried about risks tied to a lack of visibility in cloud environments and an identical proportion believed their inability to enforce enterprise data security policies in the cloud has put them at risk. Nearly three-in-10 (29%) are concerned about their over-reliance on cloud vendors to detect security issues.